User Manual

ManualsBrandsKontron ManualsHardwareAT8402 CLI

211

212

213

214

215

216

217

218

219

220

AT8402 Management Commands

Page 5 - 29 AT8402 CLI Reference Manual

5.9 TACACS+ Commands

TACACS+ provides access control for networked devices via one or more centralized

servers. Similar to RADIUS, this protocol simplifies authentication by making use of a

single database that can be shared by many clients on a large network. TACACS+ is

based on the TACACS protocol (described in RFC1492) but additionally provides for

separate authentication, authorization, and accounting services. The original protocol

was UDP based with messages passed in clear text over the network; TACACS+ uses

TCP to ensure reliable delivery and a shared key configured on the client and daemon

server to encrypt all messages.

5.9.1 tacacs-server host

Use the tacacs-server host command in Global Configuration mode to configure a

TACACS+ server. This command enters into the TACACS+ configuration mode. The

<ip-address> parameter is the IP address of the TACACS+ server. To specify multiple

hosts, multiple

tacacs-server host commands can be used.

Format

tacacs-server host <ip-address>

Mode Global Config

5.9.1.1 no tacacs-server host

Use the no tacacs-server host command to delete the specified hostname or IP

address. The <ip-address> parameter is the IP address of the TACACS+ server.

Format

no tacacs-server host <ip-address>

Mode Global Config

5.9.2 tacacs-server key

Use the tacacs-server key command to set the authentication and encryption key for

all TACACS+ communications between the switch and the TACACS+ daemon. The

<key-string> parameter has a range of 0 - 128 characters and specifies the

authentication and encryption key for all TACACS communications between the

switch and the TACACS+ server. This key must match the key used on the TACACS+

daemon.

Format

tacacs-server key <key-string>

Mode Global Config

5.9.2.1 no tacacs-server key

Use the no tacacs-server key command to disable the authentication and encryption

key for all TACACS+ communications between the switch and the TACACS+

daemon. The <key-string> parameter has a range of 0 - 128 characters This key must

match the key used on the TACACS+ daemon.

Format

no tacacs-server key <key-string>

Mode Global Config